52 users online (0 members and 52 guests)  


Page 1 of 2 1 2 Last
  Results 1 to 15 of 17

Related

  1. hiding source?    Forum: HTML Forum
    Replies: 3
  2. Replies: 3
  1. #1
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652

    Hiding email addresses from spambots

    First of all, seeing no other threads in this "Email Spam Forum" I have one suggestion:

    This is the type of topic that would be especially valuable to people who create and/or use spambots themselves - merely to discover techniques to counteract the anti-spambot techniques described herein. For that reason, this forum should be limited to 'registered' members of this forum who have achieved a minimum number of postings - such number being that which Admin feels is sufficient to 'possibly' identify and exclude those who come here just to take and not to share -- presumably that definition encompassing almost all spambot creators/users.

    All that being said, I'm assuming that the most effective way to hide email addresses is via an include file that itself isn't (or more preferrably, can"t be) read by a spambot.

    Another method is to break the typical mailto:name@domain.com email address into chunks with <B> or <SPAN> or other HTML encoding tricks.

    Without going into specific techniques (for obvious reasons), do others have any more efficacious methods?



    [ I'm in the process of revising 50 HTML files to hide the 'public'
    email addresses naively placed therein before I discovered JavaScript or Spam. The hardest and, therefore, the first ones needing recoding will be the guestbooks which contain visitor email addresses - possibly the biggest "goldmines" for spambots there are. ]

  2. #2
    Doorknob's Avatar
    Super Newbie

    Status
    Offline
    Join Date
    Jun 2002
    Location
    Malaysia
    Posts
    316
    sadly, include files wouldn't be a viable alternative for those webmasters who only have access to hosts that don't allow it.

    i've known about spambots, but not figured out a way to hide email addresses yet. i hope someone would enlighten me

  3. #3
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Figuring that they key on the "mailto:" and "@" components of an email address, one could hide parts thereto inside meaningless <HTM>cod</HTM>ing as one way. That's pretty much what I'll have to do on the one file I have with them that is an alternative to and therefore doesn't use a JavaScript include file.

  4. #4
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    Keeping spambots from your site is almost impossible, a good start is through the use of a fairly strict robots.txt file. I ban a lot of different bots from spidering ahfb, as well as attempt to keep the search engines out of a few directories that I do not want them poking in by using a very long robots.txt file.

    Another great way, which I also incorporate into ahfb, is email through the use of forms, of course you smtp server had better be secure. I get atleast a dozen hits a week of people testing my security, hoping to find a hole so I can be used as an engine for their spam.

    Alternately you may use an encryptor so that the spiders cannot decipher it. The source code for

    somebody@someplace.com

    would be a href="mailto:%73%6F%6D%65%62%6F%64%79%40%73%6F%6D%65%70%6C%61%63%65%2E%63%6F%6D"

    ahfb is about as safe as one can be, the only way they spammers can get far here is if they are not yet in my robots.txt file, then they will only find emails that are posted in threads. Users emails are scripted through a form so that nobody ever sees it, my own emails also go through the form so I only have to worry about the few that got me before I smart.

    Dave

    ps.benzden I emailed dotster yesterday in regards to your question, sorry for the delay.

  5. #5
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    One thing for sure that needs to be done is to hide the "mailto:" and "@" character. I've just begun the process.

    Or, alternatively, place a bunch of mailto: addresses inside <!--hidden text--> within the page addressed to all the known spammers in the world.

  6. #6
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    I would not suggest hidden text, nor would google

    D
    AHFBWEB Less customers per server, more power for you!

    Business Class Shared Hosting

  7. #7
    Doorknob's Avatar
    Super Newbie

    Status
    Offline
    Join Date
    Jun 2002
    Location
    Malaysia
    Posts
    316
    Originally posted by benzden
    One thing for sure that needs to be done is to hide the "mailto:" and "@" character. I've just begun the process.

    Or, alternatively, place a bunch of mailto: addresses inside <!--hidden text--> within the page addressed to all the known spammers in the world.
    i bow down to your evilness

  8. #8
    Doorknob's Avatar
    Super Newbie

    Status
    Offline
    Join Date
    Jun 2002
    Location
    Malaysia
    Posts
    316
    Originally posted by Dave
    a href="mailto:%73%6F%6D%65%62%6F%64%79%40%73%6F%6D%65%70%6C%61%63%65%2E%63%6F%6D"
    this ascii?

  9. #9
    Blue's Avatar
    New User

    Status
    Offline
    Join Date
    Feb 2003
    Location
    Orange County, CA
    Posts
    12
    somebody@someplace.com

    would be a href="mailto:%73%6F%6D%65%62%6F%64%79%40%73%6F%6D%65%70%6C%61%63%65%2E%63%6F%6D"
    Hint: Take this one step further and encrypt the "mailto:" part as well.

    Many spambots now know to look for the "mailto:" part and can decrypt the rest.

  10. #10
    nassau12's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Nov 2002
    Location
    Princeton, NJ
    Posts
    32
    What happens if you code your email like this?

    mailto:somebody@DELETEsomeplace.com (being sure to remind the sender to omit the DELETE before sending.)

    When I have sent myself email using this configuration, it is neither delivered nor returned.

  11. #11
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    (being sure to remind the sender to omit the DELETE before sending.)
    That's the crux of the problem - having to remind anyone to do anything when browsing the web defeats the purpose of it all -- especially when one factors in the languages, browsers, screen resolutions, 'newbieness', et al into the equation. We need solutions that don't require any expertise on the part of the user - just us.

  12. #12
    QuietDean's Avatar
    Administrator

    Status
    Offline
    Join Date
    Oct 2000
    Location
    Bournemouth, UK
    Posts
    2,662
    Ultimately, using mailto is going to get to the spammers.

    The only real answer is to use server-side processing to send emails.

    On that note, I made a 'universal' email processing script somewhere in these forums..
    If one of our members helps you, please click the icon to add to their reputation!
    No support via email or private message - use the forums!
    Before you ask, have you Searched?

  13. #13
    nassau12's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Nov 2002
    Location
    Princeton, NJ
    Posts
    32
    For those who wish to try the encryption email address mentioned by Dave above, here is a link to a site that has a tool for generating the HTML encryption for any standard email address: www.wbwip.com/wbw/emailencoder.html

  14. #14
    Doorknob's Avatar
    Super Newbie

    Status
    Offline
    Join Date
    Jun 2002
    Location
    Malaysia
    Posts
    316
    thanks

    btw, is converting the email address to ascii enough?
    and if so, i can't remember the function to convert string to ascii. someone remind me please

    thanks in advance

  15. #15
    sonofmidi's Avatar

    Status
    Offline
    Join Date
    Jan 2001
    Location
    NC, USA
    Posts
    75
    I found this user supplied function at php.net and I adapted it to use at my site to encode emails if your host has PHP. This allows you to dynamically encode each email.

    Copy and paste this code and save as "email.encode.php"

    PHP Code:
    <?php

    function encodeEmail($_email,$_emailText,$_emailCSS)
    {
       
    $_encodedEmail '';
       
       for(
    $i 0$i strlen($_email); $i++)
       {
          
    $_check htmlentities($_email[$i],ENT_QUOTES);
          
    $_email[$i] == $_check $_encodedEmail .= '&#'ord($_email[$i]). ';' $_encodedEmail .= $_check;
       }
       
       if(
    trim($_emailText == ''))
       {
           
    $_emailText $_encodedEmail;
       }
       
       
    $_viewEmail '<a href="mailto:' $_encodedEmail '" class="' $_emailCSS '" title="' $_emailText '">' $_emailText '</a>';
       
       return 
    $_viewEmail;
    }

    ?>
    Add at the top of your template or page

    PHP Code:
    <?php include 'path/to/email.encode.php'?>

    Add this function anywhere you want an email link

    Usage:
    PHP Code:
    <?php echo encodeEmail('email_address','anchor text','CSS classID'); ?>
    Example:
    PHP Code:
    <?php echo encodeEmail('foo@foo.com','Contact','navLink'); ?>

    Note: leave anchor text empty to default to email_address

    Note: leave CSS classID empty to inherit page style settings



Page 1 of 2 1 2 Last

Tags for this Thread